Hi Bas,
* Bas Wijnen <wijnen@debian.org> [2008-04-24 23:34]:
> We (Bas Wijnen, Lucas Nussbaum) worked on a Debian Enhancement
> Proposal[0] on the policies and workflows for Non Maintainer Uploads
> (NMUs).
>
> The main purpose of the proposal is:
> * to explicitely allow fixing bugs of severity lower than important in
> NMUs.
> * to encourage the use of the DELAYED queue.
> * to try to encourage a responsible approach for NMUs, instead of an
> approach based on strict rules.
[...]
What about introducing a special case regarding the waiting
period before uploading an NMU for security bugs? There are
often cases in which we already have a patch handy to fix a
security issue but still wait a few days on the maintainers
reaction.
The 0-day NMU rules at the moment are already
helpful here but I also consider 7 days of waiting period as
unacceptable for security fixes and not all maintainers are
on the Low-Treshold-NMU list.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.